Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.
DataBreachToday

Codex Bug Let Repo Files Execute Hidden Commands

OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines ...

WordPress’s vibe-coding experiment, Telex, has already been put to real-world use

Though WordPress's Telex is still an experiment, the vibe-coding software has already been used to help build real-world ...

Glassworm returns once again with a third round of VS code attacks

The Visual Studio Marketplace and the Open VSX Registry users are targeted once again with infostealing malware.
CSO Online

RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments

Researchers found that .env files inside cloned repositories could be used to change the Codex CLI home directory path and ...